Failed questions Flashcards

1
Q

What process facilitates the balance of operational and economic costs of protective measures with gains in mission capability?
A. Performance testing
B. Risk assessment
C. Security audit
D. Risk management

A

D
Risk management is the process that allows IT managers to balance the operational and economic costs of protective measures and achieve gains in mission capability by protecting the IT systems and data that support their organizations’ missions.

2
Q

Which of the following would an information security professional use to recognize changes to content, particularly unauthorized changes?

A. File Integrity Checker
B. Security information and event management (SIEM) system
C. Audit Logs
D. Intrusion detection system (IDS)

A

A. File Integrity Checker

File Integrity Checkers are tools used to monitor and validate the integrity of files and systems by regularly scanning and comparing the current state of files against a known baseline or reference. They detect unauthorized changes, modifications, or alterations to files by comparing attributes such as file size, timestamps, permissions, and checksums. When unauthorized changes occur, the file integrity checker can generate alerts or notifications to indicate potential security breaches or anomalies.

While the other options (SIEM system, Audit Logs, and IDS) are also valuable security tools, they might not specifically focus on recognizing unauthorized changes to content in the same direct and detailed manner as a File Integrity Checker does.

3
Q

Which Wide Area Network (WAN) technology requires the first router in the path to determine the full path the packet will travel, removing the need for other routers in the path to make independent determinations?

A. Synchronous Optical Networking (SONET)
B. Multiprotocol Label Switching (MPLS)
C. Fiber Channel Over Ethernet (FCoE)
D. Session Initiation Protocol (SIP)

A

B

4
Q

Which of the following is included in change management?
A. Technical review by business owner
B. User Acceptance Testing (UAT) before implementation
C. Cost-benefit analysis (CBA) after implementation
D. Business continuity testing

A

Change management involves a systematic approach to managing changes within an organization’s IT infrastructure, processes, or systems. Among the options provided:

B. User Acceptance Testing (UAT) before implementation

User Acceptance Testing (UAT) is a critical phase within change management. It involves testing changes in a controlled environment to ensure that they meet business requirements and are acceptable to end-users or stakeholders before the changes are implemented into the production environment. UAT helps identify potential issues, gather feedback, and validate that the changes will perform as intended, minimizing risks associated with implementation.

While the other options mentioned (technical review by the business owner, cost-benefit analysis after implementation, business continuity testing) might be part of various stages in the change management process, UAT specifically focuses on testing changes before their deployment to ensure they meet user expectations and requirements.

5
Q

A company is enrolled in a hard drive reuse program where decommissioned equipment is sold back to the vendor when it is no longer needed. The vendor pays more money for functioning drives than equipment that is no longer operational. Which method of data sanitization would provide the most secure means of preventing unauthorized data loss, while also receiving the most money from the vendor?

A. Pinning
B. Single-pass wipe
C. Multi-pass wipes
D. Degaussing

A

The answer here is “C”

Degaussing - once a drive has been degaussed, it can no longer be used.

Single Pass - replacing 0s and 1s might not be enough. With the right tools, “in theory” some of the data can be recovered.

Multi-Pass - Gives us that “peace of mind” that the data has been permanently deleted.

6
Q

Which of the following is not true about continuous monitoring?

A. It involves ad hoc processes that provide agility in responding to novel attacks.
B. Its main goal is to support organizational risk management.
C. It helps determine whether security controls remain effective.
D. It relies on carefully chosen metrics and measurements.

A

A.
More about the answer:

Continuous monitoring is a deliberate, data-driven process supporting organizational risk management. One of the key questions it answers is: are controls still effective at mitigating risks? Continuous monitoring could potentially lead to a decision to implement specific ad hoc processes, but these would not really be part of continuous monitoring.

7
Q

Which item is not part of a Kerberos authentication implementation?

A. Message authentication code
B. Ticket granting service
C. Authentication service
D. Users, programs, and services

A

A.
More about the answer:

Message authentication code (MAC) is a cryptographic function and is not a key component of Kerberos. Kerberos is made up of a KDC, a realm of principals (users, services, applications, and devices), an authentication service, tickets, and a ticket granting service.

8
Q

Synthetic transactions are best described as

A. Real user monitoring (RUM)
B. Transactions that fall outside the normal purpose of a system
C. Transactions that are synthesized from multiple users’ interactions with the system
D. A way to test the behavior and performance of critical services

A

D.
More about the answer:

Synthetic transactions are those that simulate the behavior of real users, but are not the result of real user interactions with the system. They allow an organization to ensure that services are behaving properly without having to rely on user complaints to detect problems.

9
Q

What is the purpose of polyinstantiation?

A. To restrict lower-level subjects from accessing low-level information
B. To make a copy of an object and modify the attributes of the second copy
C. To create different objects that will react in different ways to the same input
D. To create different objects that will take on inheritable attributes from their class

A

B.

More about the answer:

Instantiation is what happens when an object is created from a class. Polyinstantiation is when more than one object is made and the other copy is modified to have different attributes. This can be done for several reasons. The example given in the chapter was a way to use polyinstantiation for security purposes to ensure that a lower-level subject could not access an object at a higher level.

10
Q

Which of the following attack types best describes what commonly takes place when you insert specially crafted and excessively long data into an input field?

A. Traversal attack
B. Unicode encoding attack
C. URL encoding attack
D. Buffer overflow attack

A

D.

More about the answer:

The buffer overflow is probably the most notorious of input validation mistakes. A buffer is an area reserved by an application to store something in it, such as some user input. After the application receives the input, an instruction pointer points the application to do something with the input that’s been put in the buffer. A buffer overflow occurs when an application erroneously allows an invalid amount of input to be written into the buffer area, overwriting the instruction pointer in the code that tells the program what to do with the input. Once the instruction pointer is overwritten, whatever code has been placed in the buffer can then be executed, all under the security context of the application.

11
Q

According to the (ISC)2 ethics policy, complaints must be submitted ________.
A. through the (ISC)2 website
B. in writing
C. anonymously
D. within one year of the accused infraction

A

The correct answer is B. (ISC)2 requires the use of the (ISC)2 complaint form as a sworn affidavit.

12
Q

Organizations in which of the following countries are not allowed to process EU citizen personal data?
A. Germany
B. Argentina
C. Singapore
D. United States

A

The correct answer is D. The United States does not have an overarching federal law that is compliant with the General Data Protection Regulation (GDPR), the EU law governing personal privacy; therefore, organizations in the United States, with certain exceptions, are not allowed to process personal data of EU citizens.

13
Q

Which of the following is not a common trait of DRM solutions?
A. Persistence
B. Continuous audit trail
C. Automatic expiration
D. Virtual licensing

A

The correct answer is D. “Virtual licensing” is not a term with any meaning, and it is just a distractor in this context.

14
Q

Which of the following is included in change management?
A. Technical review by business owner
B. User Acceptance Testing (UAT) before implementation
C. Cost-benefit analysis (CBA) after implementation
D. Business continuity testing

A

Most people choose B or D.
I prefer B.

One person’s explanation:
Change management involves a systematic approach to managing changes within an organization’s IT infrastructure, processes, or systems. Among the options provided:

B. User Acceptance Testing (UAT) before implementation

User Acceptance Testing (UAT) is a critical phase within change management. It involves testing changes in a controlled environment to ensure that they meet business requirements and are acceptable to end-users or stakeholders before the changes are implemented into the production environment. UAT helps identify potential issues, gather feedback, and validate that the changes will perform as intended, minimizing risks associated with implementation.

While the other options mentioned (technical review by the business owner, cost-benefit analysis after implementation, business continuity testing) might be part of various stages in the change management process, UAT specifically focuses on testing changes before their deployment to ensure they meet user expectations and requirements.

15
Q

Which of the following is included in a change request?
a. An updated version of the risk register
b. A description of project elements impacted by the change
c. A most recent copy of scope document
d. The project sponsor and stakeholder expectations

A

Answer- Option D is the correct choice

D- A change request refers to a proposal to change a product or system. During a project, this happens when the sponsor and stakeholders want to change the requirements and deliverables of the project. Hence, this is the true choice.

a- The updated risk register represents the newly arising risk of the project. It does not denote the altered request of the project. Thus, this is a false choice.

b- A description of the project’s elements affected by the change is included in change management rather than in the change request. Therefore, this is the wrong choice.

c- A most recent copy of the scope of the project represents the current scalability and functionality of the project. It is not part of the change request. So this is an invalid choice.

16
Q

An organization is looking to include mobile devices in its asset management system for better tracking. In which system tier of the reference architecture would mobile devices be tracked?
A. 0
B. 1
C. 2
D. 3

A

Answer is A. Not sure if it is correct.

Most people select B.

17
Q

Which of the following is the BEST way to protect an organization’s data assets?
A. Encrypt data in transit and at rest using up-to-date cryptographic algorithms.
B. Monitor and enforce adherence to security policies.
C. Require Multi-Factor Authentication (MFA) and Separation of Duties (SoD).
D. Create the Demilitarized Zone (DMZ) with proxies, firewalls and hardened bastion hosts.

A

The answer is A. Not sure if it’s correct.
Most people vote for B

If A is correct, the key word might be “data asset”.

18
Q

What industry-recognized document could be used as a baseline reference that is related to data security and business operations or conducting a security assessment?
A. Service Organization Control (SOC) 1 Type 2
B. Service Organization Control (SOC) 1 Type 1
C. Service Organization Control (SOC) 2 Type 2
D. Service Organization Control (SOC) 2 Type 1

A

The Answer is D.

SOC 2 Type 1 takes a “snapshot-in-time” approach, setting a baseline for future audits of your service organization’s system.
SOC 2 Type 2 asks how well your data security and privacy controls have worked since your last SOC 2 audit.
So, the audit procedure most organizations follow is:

Type 1 for the first SOC 2 audit
Type 2 for subsequent SOC 2 audits.

19
Q

A criminal organization is planning an attack on a government network. Which of the following scenarios presents the HIGHEST risk to the organization?

A. Organization loses control of their network devices.
B. Network is flooded with communication traffic by the attacker.
C. Network management communications is disrupted.
D. Attacker accesses sensitive information regarding the network topology.

A

The Answer is: A

A CRIMINAL ORGANIZATION is planning an attack on a government network. Which of the following scenarios presents the HIGHEST risk to the ORGANIZATION? (That is, to the criminal organization.) - A: losing control of their network devices would compromise the criminal organization, so it could not carry out the planned attack.

20
Q

In the “Do” phase of the Plan-Do-Check-Act model, which of the following is performed?

A. Maintain and improve the Business Continuity Management (BCM) system by taking corrective action, based on the results of management review.
B. Monitor and review performance against business continuity policy and objectives, report the results to management for review, and determine and authorize actions for remediation and improvement.
C. Ensure the business continuity policy, controls, processes, and procedures have been implemented.
D. Ensure that business continuity policy, objectives, targets, controls, processes and procedures relevant to improving business continuity have been established.

A

Plan = Plan
Do = Perform
Act = Improve
Check = Monitor

PLAN - D. Ensure that business continuity policy, objectives, targets, controls, processes and procedures relevant to improving business continuity have been established.

DO - C. Ensure the business continuity policy, controls, processes, and procedures have been implemented.

ACT - A. Maintain and improve the Business Continuity Management (BCM) system by taking corrective action, based on the results of management review.

Check - B. Monitor and review performance against business continuity policy and objectives, report the results to management for review, and determine and authorize actions for remediation and improvement

21
Q

When resolving ethical conflicts, the information security professional MUST consider many factors. In what order should the considerations be prioritized?
A. Public safety, duties to individuals, duties to the profession, and duties to principals
B. Public safety, duties to principals, duties to the profession, and duties to individuals
C. Public safety, duties to principals, duties to individuals, and duties to the profession
D. Public safety, duties to the profession, duties to principals, and duties to individuals

A

The answer is B

Both CISSP official study guide and https://www.isc2.org/Ethics state the following:
Protect SOCIETY, the common good, necessary public trust and confidence, and the infrastructure.
Act honorably, honestly, justly, responsibly, and legally.
Provide diligent and competent service to PRINCIPALS.
Advance and protect the PROFESSION.
Observe that there is no reference to individuals. I speculate most of us selected option C as we are part of the individuals who make up the profession and society at large. We want to be included in the factors of consideration; however, there is no mention of individuals in the Code of Canons.

22
Q

A company is attempting to enhance the security of its user authentication processes. After evaluating several options, the company has decided to utilize Identity as a Service (IDaaS). Which of the following factors leads the company to choose an IDaaS as their solution?

A. In-house team lacks resources to support an on-premise solution.
B. Third-party solutions are inherently more secure.
C. Third-party solutions are known for transferring the risk to the vendor.
D. In-house development provides more control.

A

Answer is A

Answer C is wrong because the question says “to enhance the security of its user authentication processes”; transferring risk does not enhance the security of the user.

23
Q

An organization recently suffered from a web-application attack that resulted in stolen user session cookie information. The attacker was able to obtain the information when a user’s browser executed a script upon visiting a compromised website. What type of attack MOST likely occurred?

A. SQL injection (SQLi)
B. Extensible Markup Language (XML) external entities
C. Cross-Site Scripting (XSS)
D. Cross-Site Request Forgery (CSRF)

A

The answer is C.

XSS happens on the client side. CSRF happens on the web server side.

XSS injects a malicious script into a vulnerable website in order to get a user’s session cookies when they visit the compromised website. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site.

XSRF/CSRF, on the other hand, only targets the user directly; it does not compromise any website and does not get session cookies.

24
Q

An attack utilizing social engineering and a malicious Uniform Resource Locator (URL) link to take advantage of a victim’s existing browser session with a web application is an example of which of the following types of attack?

A. Clickjacking
B. Cross-site request forgery (CSRF)
C. Cross-Site Scripting (XSS)
D. Injection

A

Most people think the answer should be B

Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. With a little help of social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker’s choosing. If the victim is a normal user, a successful CSRF attack can force the user to perform state-changing requests like transferring funds, changing their email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application.

25
Q

Which of the following encryption technologies has the ability to function as a stream cipher?
A. Cipher Block Chaining (CBC) with error propagation
B. Electronic Code Book (ECB)
C. Cipher Feedback (CFB)
D. Feistel cipher

A

C

26
Q

In a disaster recovery (DR) test, which of the following would be a trait of crisis management?
A. Process
B. Anticipate
C. Strategic
D. Wide focus

A

The answer is B. Anticipate.

Crisis management is the process of planning and responding to unexpected events that can have a negative impact on an organization. One of the key traits of crisis management is the ability to anticipate potential problems and develop plans to mitigate their impact. This means being able to think ahead and identify potential risks, as well as having a plan in place to deal with them if they do occur.

27
Q

Which of the following BEST describes the purpose of the reference monitor when defining access control to enforce the security model?
A. Strong operational security to keep unit members safe
B. Policies to validate organization rules
C. Cyber hygiene to ensure organizations can keep systems healthy
D. Quality design principles to ensure quality by design

A

B. Policies to validate organization rules.

The reference monitor is a security mechanism that controls and mediates the access of programs, processes, or users to resources or objects in a system. It enforces the security policy for the system by validating and controlling access requests according to the rules specified in the security policy.

28
Q

Which of the following is security control volatility?

A. A reference to the impact of the security control.
B. A reference to the likelihood of change in the security control.
C. A reference to how unpredictable the security control is.
D. A reference to the stability of the security control.

A

Selected Answer: B

It says: security control volatility is a measure of how frequently a control is likely to change over time subsequent to its implementation.

29
Q

When auditing the Software Development Life Cycle (SDLC) which of the following is one of the high-level audit phases?
A. Planning
B. Risk assessment
C. Due diligence
D. Requirements

A

The answer is C.

Don’t know why!
